← Back to Skills Marketplace

VM Health Check

Name: VM Health Check
Author: tonylnng

by tonylnng · GitHub ↗ · v1.0.2 · MIT-0

cross-platform ⚠ suspicious

244

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install tonic-vm-check

Description

🖥️ Instant VM health checks — no config needed after first run. Point it at any Docker-based Linux server and get a clean report covering CPU, memory, disk,...

Usage Guidance

This skill appears to do what it says, but take these precautions before installing/using it: - Do not store private key material in project files. The skill saves the SSH key path to TOOLS.md; avoid writing actual private keys and consider not storing the path in a repo (add TOOLS.md to .gitignore or keep credentials out of the workspace). Prefer passing VM_HOST/VM_USER/SSH_KEY as environment variables at runtime. - Host-key verification is disabled (ssh -o StrictHostKeyChecking=no). That avoids interactive prompts but increases MITM risk — consider verifying host keys manually or removing the option. - The cleanup section runs docker image prune -af and docker builder prune -f automatically; these can free space but are destructive to unused images/cache. The SKILL.md warns about not running docker system prune -af, but still confirm before running cleanup on production systems. - The script suppresses stderr (2>/dev/null) in many remote commands which can hide errors. If something looks wrong, run the underlying commands manually on the host to inspect full output. - The DB size checks attempt to connect without credentials (root with empty password); if your containers require credentials, the script will note that and skip — but do not add credentials to TOOLS.md in plaintext. - Review the included script (scripts/vm-check.sh) yourself before running and test in a safe environment. If you need stronger safeguards, modify the script to enforce host-key checking, avoid writing connection info to disk, and require explicit confirmation before any pruning operations.

Capability Analysis

Type: OpenClaw Skill Name: tonic-vm-check Version: 1.0.2 The skill is classified as suspicious due to potential command injection vulnerabilities and insecure handling of sensitive credentials. The script `scripts/vm-check.sh` constructs shell commands using unsanitized environment variables (`VM_HOST`, `VM_USER`, `SSH_KEY`), which could allow for local command execution if the agent is provided with malicious input. Additionally, `SKILL.md` instructs the agent to store sensitive SSH private key paths in `TOOLS.md`, and the script explicitly disables SSH host key verification (`StrictHostKeyChecking=no`), increasing the risk of man-in-the-middle attacks.

Capability Assessment

✓ Purpose & Capability

The name/description match the implementation: the script SSHes to a Docker-based VM and gathers system, Docker, and DB metrics and can prune images/build cache. No unrelated credentials or services are requested.

ℹ Instruction Scope

SKILL.md instructs the agent to read and append VM_HOST, VM_USER, and SSH_KEY (path) to TOOLS.md in the workspace. Persisting VM connection details in a project file is a design choice but can leak hostnames and key paths; the script then performs remote docker/mysql/psql commands and may run destructive cleanup when 'cleanup' is selected. The instructions suppress stderr in several places which can hide errors.

✓ Install Mechanism

No install spec; this is instruction-only with a single included bash script. Nothing is downloaded or written to disk by an installer step beyond the requested TOOLS.md edit.

ℹ Credentials

The skill declares no required env vars but expects VM_HOST, VM_USER, and SSH_KEY at runtime (and asks to save them to TOOLS.md). Those variables are expected for SSH-based checks; however storing the SSH_KEY path in a workspace file and relying on an on-disk private key has privacy implications. The script uses ssh -i <key> so the private key file will be used by the SSH client (expected for SSH access).

ℹ Persistence & Privilege

always:false and normal invocation. The only persistent behavior is appending connection info to TOOLS.md (the skill does not modify other skills or global agent settings). Persisting host/key info in a repository/workspace file is potentially sensitive and should be managed (e.g., .gitignore or avoid storing key paths).

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install tonic-vm-check
After installation, invoke the skill by name or use /tonic-vm-check
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.2

Improved ClawHub description — clearer use cases and trigger phrases

v1.0.1

Auto-configure VM details: reads from TOOLS.md, prompts user once if missing, saves for future use

v1.0.0

Initial release: Docker VM health check via SSH — system, containers, DB sizes, disk, cleanup

Metadata

Slug tonic-vm-check

Version 1.0.2

License MIT-0

All-time Installs 1

Active Installs 1

Total Versions 3

Frequently Asked Questions

What is VM Health Check?

🖥️ Instant VM health checks — no config needed after first run. Point it at any Docker-based Linux server and get a clean report covering CPU, memory, disk,... It is an AI Agent Skill for Claude Code / OpenClaw, with 244 downloads so far.

How do I install VM Health Check?

Run "/install tonic-vm-check" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is VM Health Check free?

Yes, VM Health Check is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does VM Health Check support?

VM Health Check is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created VM Health Check?

It is built and maintained by tonylnng (@tonylnng); the current version is v1.0.2.

More Skills